What is ALFA?

The Abbreviated Language for Authorization (ALFA) is a domain-specific language for a high-level description of fine-grained authorization policies. It is designed for ease of use by developers. In addition, it presents domain specific information such as attribute identifiers in compact form.

Use ALFA to define permissions as policies. They describe who should have access to what. ALFA is based on an open standard and specification for authoring and evaluating those policies. Use ALFA policies to control what each user of your application is permitted to do and what resources they may access.

Rich & Expressive

ALFA is a simple and expressive language based on attributes (key-value pairs) and is purpose-built for fine-grained authorization. It can support common patterns such as ABAC, RBAC, ReBAC, and more.


Photo by @chrisliverani on Unsplash

Because ALFA is expressive, you can easily implement all your authorization scenarios in a handful of policies. ALFA policies are implemented as trees, use hierarchies, and can be referenced. This makes them extremely efficient both at runtime and design time.


Photo by @franckinjapan on Unsplash

With ALFA, you can prove to your auditors what can and cannot happen. Conflict resolution between policies is directly built into the language. You can design your policies to deny access by default.

Additional Resources

  • Learn the language basics
  • Browse the list of available functions
  • Learn about the datatypes
  • What's an attribute?
  • Try the playground